diff --git a/google/data_source_google_container_cluster_test.go b/google/data_source_google_container_cluster_test.go index 88e35cb8c16..414735f2cac 100644 --- a/google/data_source_google_container_cluster_test.go +++ b/google/data_source_google_container_cluster_test.go @@ -66,6 +66,7 @@ func testAccDataSourceGoogleContainerClusterCheck(dataSourceName string, resourc "cluster_ipv4_cidr", "description", "enable_kubernetes_alpha", + "enable_tpu", "enable_legacy_abac", "endpoint", "enable_legacy_abac", diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go index c8cbf38772b..373bfb51974 100644 --- a/google/resource_container_cluster.go +++ b/google/resource_container_cluster.go @@ -213,6 +213,13 @@ func resourceContainerCluster() *schema.Resource { Default: false, }, + "enable_tpu": { + Type: schema.TypeBool, + Optional: true, + ForceNew: true, + Default: false, + }, + "enable_legacy_abac": { Type: schema.TypeBool, Optional: true, @@ -553,6 +560,7 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er NetworkPolicy: expandNetworkPolicy(d.Get("network_policy")), AddonsConfig: expandClusterAddonsConfig(d.Get("addons_config")), EnableKubernetesAlpha: d.Get("enable_kubernetes_alpha").(bool), + EnableTpu: d.Get("enable_tpu").(bool), IpAllocationPolicy: expandIPAllocationPolicy(d.Get("ip_allocation_policy")), PodSecurityPolicyConfig: expandPodSecurityPolicyConfig(d.Get("pod_security_policy_config")), MasterIpv4CidrBlock: d.Get("master_ipv4_cidr_block").(string), @@ -733,6 +741,7 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro d.Set("cluster_ipv4_cidr", cluster.ClusterIpv4Cidr) d.Set("description", cluster.Description) d.Set("enable_kubernetes_alpha", cluster.EnableKubernetesAlpha) + d.Set("enable_tpu", cluster.EnableTpu) d.Set("enable_legacy_abac", cluster.LegacyAbac.Enabled) d.Set("logging_service", cluster.LoggingService) d.Set("monitoring_service", cluster.MonitoringService) diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go index b1dc4f015f4..8b7a2c769c1 100644 --- a/google/resource_container_cluster_test.go +++ b/google/resource_container_cluster_test.go @@ -460,6 +460,32 @@ func TestAccContainerCluster_withKubernetesAlpha(t *testing.T) { }) } +func TestAccContainerCluster_withTpu(t *testing.T) { + t.Parallel() + + clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckContainerClusterDestroy, + Steps: []resource.TestStep{ + { + Config: testAccContainerCluster_withTpu(clusterName), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("google_container_cluster.with_tpu", "enable_tpu", "true"), + ), + }, + { + ResourceName: "google_container_cluster.with_tpu", + ImportStateIdPrefix: "us-central1-b/", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + func TestAccContainerCluster_withPrivateCluster(t *testing.T) { t.Parallel() @@ -1743,6 +1769,49 @@ resource "google_container_cluster" "with_kubernetes_alpha" { }`, clusterName) } +func testAccContainerCluster_withTpu(clusterName string) string { + return fmt.Sprintf(` +resource "google_compute_network" "container_network" { + name = "container-net-%s" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "container_subnetwork" { + name = "${google_compute_network.container_network.name}" + network = "${google_compute_network.container_network.name}" + ip_cidr_range = "10.0.35.0/24" + region = "us-central1" + + secondary_ip_range { + range_name = "pod" + ip_cidr_range = "10.1.0.0/19" + } + + secondary_ip_range { + range_name = "svc" + ip_cidr_range = "10.2.0.0/22" + } +} + +resource "google_container_cluster" "with_tpu" { + name = "cluster-test-%s" + zone = "us-central1-b" + initial_node_count = 1 + + enable_tpu = true + + network = "${google_compute_network.container_network.name}" + subnetwork = "${google_compute_subnetwork.container_subnetwork.name}" + + master_ipv4_cidr_block = "10.42.0.0/28" + master_authorized_networks_config { cidr_blocks = [] } + ip_allocation_policy { + cluster_secondary_range_name = "${google_compute_subnetwork.container_subnetwork.secondary_ip_range.0.range_name}" + services_secondary_range_name = "${google_compute_subnetwork.container_subnetwork.secondary_ip_range.1.range_name}" + } +}`, clusterName, clusterName) +} + func testAccContainerCluster_defaultLegacyAbac(clusterName string) string { return fmt.Sprintf(` resource "google_container_cluster" "default_legacy_abac" { diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown index bd6df5de9ea..127e21c474e 100644 --- a/website/docs/r/container_cluster.html.markdown +++ b/website/docs/r/container_cluster.html.markdown @@ -101,6 +101,9 @@ output "cluster_ca_certificate" { this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. +* `enable_tpu` - (Optional) Whether to enable Cloud TPU resources in this cluster. + See the [official documentation](https://cloud.google.com/tpu/docs/kubernetes-engine-setup). + * `enable_legacy_abac` - (Optional) Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM.